#---------------------------------------------------------------------------------------------------------------------------------------------

一、编译安装

http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.3.tar.gz

(注意:该地址是明文 HTTP 下载,解包编译之前请先用官方发布页提供的签名或校验值核对源码包的完整性。)

# tar xvzf squid-3.2.3.tar.gz

# cd squid-3.2.3

# ./configure --prefix=/usr/local/squid \

--enable-dlmalloc \

--enable-gnuregex \

--disable-carp \

--enable-async-io=100 \

--with-aufs-threads=32 \

--with-pthreads \

--enable-storeio="ufs,aufs" \

--enable-removal-policies="heap,lru" \

--enable-icmp \

--enable-htcp \

--enable-delay-pools \

--enable-useragent-log \

--enable-referer-log \

--disable-wccp \

--disable-wccpv2 \

--enable-kill-parent-hack \

--enable-arp-acl \

--disable-snmp \

--enable-default-err-language=Simplify_Chinese \

--enable-err-languages="Simplify_Chinese English" \

--disable-poll \

--disable-select \

--enable-epoll \

--enable-auth \

--enable-auth-basic="DB,NCSA,PAM,RADIUS,SASL" \

--with-aio \

--disable-ident-lookups \

--enable-truncate \

--enable-stacktraces \

--with-maxfd=65535 \

--disable-ipv6 \

--enable-ipf-transparent \

--enable-linux-netfilter

# make && make install


#---------------------------------------------------------------------------------------------------------------------------------------------

二、配置过程

(1)、创建相关目录及权限

# mkdir -p /data/squid/{cache,coredump,logs}


# /usr/sbin/groupadd squid

# /usr/sbin/useradd squid -g squid -s /sbin/nologin


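# chmod -R 777 /data/squid/{cache,coredump,logs}

(注意:777 会让本机所有用户都能改写缓存、core 文件和日志目录,而启动脚本还会向 /data/squid/logs 追加写入;下一步已把属主改为 squid,生产环境把权限收紧到 750 即可满足运行需要。)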

# chown -R squid:squid /data/squid/{cache,coredump,logs}


(2)、配置文件内容

# vim /usr/local/squid/etc/squid.conf

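# Listen only on the internal interface; replace the placeholder with that
# interface's address.
http_port 内网口IP:8080

# Account and group the proxy runs as.
cache_effective_user squid
cache_effective_group squid

# Memory cache size and the low/high watermarks (in percent) that drive
# object replacement.
cache_mem 2048 MB
cache_swap_low 90
cache_swap_high 95

# DNS result cache: number of entries and its low/high watermarks (percent).
ipcache_size 1024
ipcache_low 90
ipcache_high 95

cache_replacement_policy lru
memory_replacement_policy lru

# On-disk cache: aufs store, 20480 MB, 16 first-level and 256 second-level
# directories. Core files go to their own directory.
cache_dir aufs /data/squid/cache 20480 16 256
coredump_dir /data/squid/coredump

memory_pools_limit 1024 MB
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 32768 KB
maximum_object_size_in_memory 2048 KB

# NOTE(review): access logging and squid's own cache log are both discarded
# here, so the proxy keeps no record of which client requested what and no
# diagnostics from the daemon. Point these at files under /data/squid/logs
# (with rotation) if an audit trail or troubleshooting data is needed.
access_log /dev/null
cache_access_log none

cache_log /dev/null
cache_store_log none

cache_swap_log /data/squid/logs/swap.log

logfile_rotate 1
pid_filename /usr/local/squid/var/logs/squid.pid

# NOTE(review): the cache_mgr value looks like an address that was masked by
# the page this was copied from; set a real administrator address.
cache_mgr [email protected]
strip_query_terms off
visible_hostname ProxySrv
error_directory /usr/local/squid/share/errors/zh-cn

# NOTE(review): 0 KB for request_body_max_size means "no limit" on request
# bodies; set a ceiling if clients should not be able to push arbitrarily
# large uploads through the proxy.
request_header_max_size 64 KB
request_body_max_size 0 KB

negative_ttl 5 minutes
read_timeout 1 minutes
client_lifetime 10 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
request_timeout 2 minutes
persistent_request_timeout 1 minute

client_persistent_connections off
server_persistent_connections on
tcp_recv_bufsize 65535 bytes
half_closed_clients off
# NOTE(review): "off" leaves the squid version string visible in HTTP headers
# and generated error pages; set it to "on" to stop advertising the version.
httpd_suppress_version_string off
ie_refresh off
allow_underscore on

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

# Replace the placeholder with the resolver address(es) to use.
dns_nameservers DNS服务器IP

# ACL definitions.
acl OverConnLimit maxconn 300
acl our_network src 192.168.0.0/16
acl SSL_ports port 443
acl CONNECT method CONNECT

# http_access lines are checked top to bottom and the first match decides, so
# the deny rules must come before the allow: otherwise clients in our_network
# are accepted before the CONNECT restriction is ever evaluated.
http_access deny OverConnLimit
http_access deny CONNECT !SSL_ports
http_access allow our_network
# Explicit default. When no line matches, squid applies the opposite of the
# last http_access line, so a list that ends in a deny rule would let every
# unmatched client through.
http_access deny all

# Strip Via and X-Forwarded-For from forwarded requests so origin servers do
# not see the proxy chain or the client's internal address.
request_header_access Via deny all
request_header_access X-Forwarded-For deny all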

(3)、检查配置是否正确

# /usr/local/squid/sbin/squid -k parse


#---------------------------------------------------------------------------------------------------------------------------------------------

三、启动脚本

# vim /etc/init.d/squid

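#!/bin/bash
#
# squid - this script starts and stops the squid daemon
#
# chkconfig: - 90 25
# description: squid is a pagecache reverse proxy.
# processname: squid
# pidfile: /usr/local/squid/var/logs/squid.pid
# config: /usr/local/squid/etc/squid.conf
#
# The script uses [[ ... ]] throughout, which is a bash construct, so it asks
# for bash explicitly instead of relying on /bin/sh being bash.

# Fixed search path, so helper commands do not depend on the caller's PATH.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

BINFILE="/usr/local/squid/sbin/squid"
CFGFILE="/usr/local/squid/etc/squid.conf"
PIDFILE="/usr/local/squid/var/logs/squid.pid"
LOCKFILE="/var/lock/squid.lock"
CACHEPATH="/data/squid/cache"
# NOTE(review): init scripts normally run as root and this one appends to
# OUTFILE, so /data/squid/logs must not be writable by other local users.
OUTFILE="/data/squid/logs/squid.out"

# Seconds to wait for the PID file to appear on start / disappear on stop;
# both can be overridden from the environment.
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

# SQUID is only set when the binary is present; start() treats an empty value
# as an error.
[[ -f "${BINFILE}" ]] && SQUID="${BINFILE}"

# Cache directories declared in the config (third field of each cache_dir
# directive, comments stripped). The config is read only when it is readable,
# so a missing file does not produce a stray sed error before start() reports
# it; CACHEPATH is the fallback.
CACHE_SWAP=""
if [[ -r "${CFGFILE}" ]]; then
    CACHE_SWAP=$(sed -e 's/#.*//' "${CFGFILE}" | awk '$1 == "cache_dir" {print $3}')
fi
[[ -z "${CACHE_SWAP}" ]] && CACHE_SWAP="${CACHEPATH}"

RETVAL=0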
             
# Start the squid daemon.
# Globals:  CFGFILE, SQUID, CACHE_SWAP, OUTFILE, PIDFILE, LOCKFILE,
#           SQUID_PIDFILE_TIMEOUT (read); SQUID_OPTS, RETVAL, timeout (written)
# Outputs:  progress and result messages on stdout, errors on stderr
# Returns:  0 when squid launched and its PID file appeared in time,
#           non-zero otherwise. Exits 6 when the config file is missing and
#           4 when no squid binary was found.
start() {
    if [[ ! -f ${CFGFILE} ]]; then
        echo "The configuration file: ${CFGFILE} has no found!" 1>&2
        exit 6
    fi

    if [[ -z "$SQUID" ]]; then
        echo "Insufficient privilege" 1>&2
        exit 4
    fi

    SQUID_OPTS="-s -f ${CFGFILE}"

    # A cache directory without its 00 subdirectory has not been initialised
    # yet, so let squid create the directory structure first.
    for adir in $CACHE_SWAP; do
        [[ -d $adir/00 ]] && continue
        echo -n "init_cache_dir $adir"
        $SQUID -z -F -D >> "${OUTFILE}" 2>&1
    done

    echo -n "Starting squid..."
    $SQUID $SQUID_OPTS >> "${OUTFILE}" 2>&1
    RETVAL=$?

    if [[ $RETVAL -eq 0 ]]; then
        # The launch command returned success; wait (one dot per second) for
        # the PID file, and give up once the timeout is reached.
        timeout=0
        until [[ -f ${PIDFILE} ]]; do
            if [[ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]]; then
                RETVAL=1
                break
            fi
            sleep 1 && echo -n "."
            timeout=$((timeout+1))
        done
    fi

    echo ""
    if [[ $RETVAL -eq 0 ]]; then
        # The lock file marks the service as running for condrestart.
        touch "${LOCKFILE}"
        echo "start squid is ok!"
    else
        echo "start squid is failed!"
    fi

    return $RETVAL
}
             
# Stop the squid daemon.
# Globals:  SQUID, OUTFILE, LOCKFILE, PIDFILE (read);
#           SQUID_SHUTDOWN_TIMEOUT, RETVAL, timeout (written)
# Outputs:  progress and result messages on stdout
# Returns:  0 when squid shut down (or was not running and no lock file is
#           left behind), 1 when the PID file is still present after the
#           shutdown timeout, otherwise the status of "squid -k check".
stop() {
    SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
    echo -n "Stopping squid..."

    # "-k check" succeeds only when a running squid can be signalled.
    $SQUID -k check >> "${OUTFILE}" 2>&1
    RETVAL=$?

    if [[ $RETVAL -ne 0 ]]; then
        echo ""
        echo "Stop squid is failed!"
        # With no lock file there was nothing to stop, so report success.
        if [[ ! -e ${LOCKFILE} ]]; then
            RETVAL=0
        fi
        return $RETVAL
    fi

    # Ask squid to shut down in the background and drop the lock right away.
    $SQUID -k shutdown &
    rm -f "${LOCKFILE}"

    # Poll every two seconds until the PID file is gone or the timeout hits.
    timeout=0
    while [[ -f ${PIDFILE} ]]; do
        if [[ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]]; then
            echo ""
            return 1
        fi
        sleep 2 && echo -n "."
        timeout=$((timeout+2))
    done

    echo ""
    echo "Stop squid is ok!"
    return $RETVAL
}
             
# Full restart: stop the daemon, pause for one second, then start it again.
# The status of stop is not checked; the return status is that of start.
restart() {
    stop; sleep 1
    start
}
             
# Dispatch on the requested action; the script's exit status is the status of
# the action that ran (2 for an unknown action).
case "$1" in
start | stop | restart)
    # The action name is also the name of the function that implements it.
    "$1"
    ;;

reload)
    SQUID_OPTS=${SQUID_OPTS:-"-D"}
    # Tell the running squid to re-read its configuration.
    $SQUID -k reconfigure -f ${CFGFILE}
    ;;

condrestart)
    # Restart only when the lock file says the service was started by this
    # script; a failed restart is deliberately not reported as an error.
    if [[ -e ${LOCKFILE} ]]; then
        restart || :
    fi
    ;;

*)
    echo $"Usage: $0 {start|stop|reload|restart|condrestart}"
    exit 2
    ;;
esac

exit $?

# chmod 700 /etc/init.d/squid

# chkconfig --add squid

# service squid start


#---------------------------------------------------------------------------------------------------------------------------------------------

四、squid健康检查

# vim /data/scripts/check_squid.sh

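#!/bin/bash
# Watchdog for the squid proxy: restarts the service when no squid process is
# running or when the probe against the proxy port produces output.
# The script uses [[ ... ]], a bash construct, so it asks for bash explicitly.

# Fixed search path, so the commands below do not depend on the caller's PATH.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

PORT='8080'
# Address of eth1, taken from the "inet addr:" line of the ifconfig output.
# NOTE(review): newer ifconfig builds print "inet <addr>" without "addr:", in
# which case this comes back empty - confirm on the target system.
ETH1_ADDR=$(/sbin/ifconfig eth1 | awk -F ':' '/inet addr/{print $2}' | sed 's/[a-zA-Z ]//g')

if [[ ! -e /usr/local/squid/sbin/squid ]]; then
    echo "The squid service has no been installed ^_^"
    exit 1
fi

# Case 1: the service has died (no squid process left). The [d] in the pattern
# keeps the grep process itself from being counted.
retval=$(ps aux | grep -c 'sbin/squi[d]')
if [[ ${retval} -eq 0 ]]; then
    /sbin/service squid restart >/dev/null 2>&1
    exit 0
fi

# Without an address the probe below would be called with broken arguments
# (-h would swallow "-p"), so stop here and report it instead.
if [[ -z "${ETH1_ADDR}" ]]; then
    echo "Cannot determine the address of eth1; skipping the proxy probe" 1>&2
    exit 1
fi

# Case 2: the service is running but hung; any output from the probe is
# treated as a failure.
# NOTE(review): -s asks squidclient to stay silent and no URL is passed, so
# stdout may always be empty and this branch may never fire - confirm, and
# consider checking the command's exit status instead.
retval=$(/usr/local/squid/bin/squidclient -s -h "${ETH1_ADDR}" -p "${PORT}")
if [[ -n "${retval}" ]]; then
    /sbin/service squid restart >/dev/null 2>&1
fi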

# crontab -e

*/5 * * * * /data/scripts/check_squid.sh


#---------------------------------------------------------------------------------------------------------------------------------------------

五、测试

curl -I -s -x http://代理服务IP:8080 www.qq.com